We are looking for a solution on how to communicate which crates were audited and which were not. For example the broker pallet is not audited, but how to communicate this? There are several approaches so far: A. Code hash signing from RFC: trustless in-code auditing annotations Downside: Only w…

Rust crate auditing across the ecosystem

professor November 14, 2023, 10:08am 9

Thanks for bringing up this topic. The Parity AppSec team has been working on a proposal for a while, and it’s published here. It would be great to have your attention and feedback.

3 Likes

Topic		Replies	Views
Security Audit Log and Tracking security	2	702	March 11, 2024
RFC: trustless in-code auditing annotations Tech Talk frame	5	772	December 5, 2022
Polkadot SDK Version Manager security , release-analysis	1	548	April 18, 2024
Publish Substrate to crates.io Tech Talk	44	2101	March 11, 2024
Polkadot Summit 24' - Ecosystem Audit Log and Tracking & Ecosystem Vulnerability Disclosure Ecosystem polkadot-summit	0	136	April 3, 2024

Rust crate auditing across the ecosystem

Related topics